block: lock AioContext in bdrv_replace_child_noperm() when in non-coroutine context

mhkanda · kheubaum · commit 35e08b56c7c4 · 2024-06-13T13:44:37.000-05:00
When called in non-coroutine context, bdrv_replace_child_noperm() needs to
grab the AioContext lock because bdrv_parent_drained_begin_single() and
bdrv_parent_drained_end_single() rely on AIO_WAIT_WHILE(). This prevents
crashes when AIO_WAIT_WHILE() tries to temporarily release the lock.

Orabug: 36514180

Signed-off-by: Mark Kanda &lt;mark.kanda@oracle.com&gt;
Reviewed-by: Steve Sistare &lt;steven.sistare@oracle.com&gt;
diff --git a/block.c b/block.c
@@ -2832,6 +2832,7 @@ static void bdrv_replace_child_noperm(BdrvChild *child,
     BlockDriverState *old_bs = child->bs;
     int new_bs_quiesce_counter;
     int drain_saldo;
+    AioContext *ctx = bdrv_child_get_parent_aio_context(child);
 
     assert(!child->frozen);
     assert(old_bs != new_bs);
@@ -2844,6 +2845,10 @@ static void bdrv_replace_child_noperm(BdrvChild *child,
     new_bs_quiesce_counter = (new_bs ? new_bs->quiesce_counter : 0);
     drain_saldo = new_bs_quiesce_counter - child->parent_quiesce_counter;
 
+    if (ctx != qemu_get_aio_context()) {
+        aio_context_acquire(ctx);
+    }
+
     /*
      * If the new child node is drained but the old one was not, flush
      * all outstanding requests to the old child node.
@@ -2895,6 +2900,10 @@ static void bdrv_replace_child_noperm(BdrvChild *child,
         bdrv_parent_drained_end_single(child);
         drain_saldo++;
     }
+
+    if (ctx != qemu_get_aio_context()) {
+        aio_context_release(ctx);
+    }
 }
 
 /**
